When we hear the word hacking we often think of some complex and mysterious art that only a select few people in the world have the expertise to perform. This is a misconception, however, and it's one of the great contributors to the hacking going on today.


Server hacking doesn't have to be that complex and, in reality, it often isn't. Sure, the propeller head hackers will flaunt their "mad skillz," but these really aren't the guys we need to worry about. Instead, it's usually the people with lesser skills combined with patient determination that'll cause the most problems. In fact, these people are on the inside of many networks this very moment, seeking out vulnerabilities that can be exploited for ill-gotten gains.

When it comes to keeping Windows servers protected from intrusion, I'm a strong believer in focusing on the low-hanging fruit first. Remember, it's the basic security weaknesses that'll get you every time. In a previous tip, I outlined some of the common causes of Windows server security vulnerabilities. Now, let's take a look at two common exploits I see in Windows servers and how they're actually carried out.

Missing patches that lead to remote command prompts

As simplistic (and boring) as patching can be, you'd think most Windows servers would be somewhat up-to-date on patches. Unfortunately, that's often not the case. Inconsistent patch management is one of the greatest contributors to Windows server weaknesses.

Here's how the bad guys carry out their attacks against unpatched Windows servers:

Attackers run a free vulnerability scanner from outside or -- more commonly -- inside the network and find a missing patch.

Attackers set up a backdoor user account and add themselves to the local administrators group.

Attackers have full access to the system (local login, remote desktop, VPN, etc.) and odds are in their favor that no one will ever notice.

Unsecured network shares that lead to unauthorized file access

Sharing files on the network is one of the basic functionalities of Windows servers. Unfortunately, it's also the Achilles heel that facilitates unauthorized access by otherwise "trusted" users. Boredom, curiosity and revenge sometimes find their way into the scenario of an employee clicking around in Windows Explorer and stumbling across sensitive information he or she should not be able to access.

Here's how the bad guys carry out their attacks against unsecured Windows shares:

Attackers run a free share scanner tool such as GFI LANguard inside the network and find numerous shares on Windows servers -- many of which happen to have Full Control granted to the Everyone group.

Attackers plug some keywords into the text search tool that signify sensitive information, such as "password", "SSN", or "confidential", and off it goes.

Attackers find Microsoft Excel spreadsheets, Word documents, PDF files, and databases chock full of sensitive employee and customer information that can be used for illicit purposes. Once again, chances are no one will ever notice.
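A defender-side check for the share exposure just described, added here as an example and not part of the original article: a PowerShell audit that lists local SMB shares whose share-level permissions grant Full Control or Change to Everyone or another broad group. It assumes the SmbShare cmdlets (Windows Server 2012 / Windows 8 or later) and local administrator rights; the share and group names in the remediation comment are placeholders.

```powershell
# Added example (not from the original article): audit local SMB shares for
# write-level rights (Full or Change) granted to broad principals.
# Assumes the SmbShare module and local administrator rights on the server.

# Principals whose presence with write-level rights on a share is a red flag.
$BroadPrincipals = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')

# Rights that allow modifying or deleting content, not just reading it.
$WriteLevelRights = @('Full', 'Change')

function Get-OverexposedShare {
    [CmdletBinding()]
    param(
        # By default skip the built-in administrative shares (C$, ADMIN$, IPC$, ...).
        [switch]$IncludeAdminShares
    )

    $shares = Get-SmbShare | Where-Object {
        $IncludeAdminShares -or -not $_.Name.EndsWith('$')
    }

    foreach ($share in $shares) {
        # This inspects the share-level ACL, not the NTFS ACL on the folder;
        # effective access is the more restrictive of the two.
        $broadAces = Get-SmbShareAccess -Name $share.Name | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $BroadPrincipals -contains $_.AccountName -and
            $WriteLevelRights -contains $_.AccessRight.ToString()
        }
        foreach ($ace in $broadAces) {
            [pscustomobject]@{
                Share       = $share.Name
                Path        = $share.Path
                Principal   = $ace.AccountName
                AccessRight = $ace.AccessRight.ToString()
            }
        }
    }
}

# List the findings; an empty result means no share grants Full/Change to a broad group.
Get-OverexposedShare | Format-Table -AutoSize

# Remediation for a confirmed finding: remove the broad ACE and grant a specific
# group only the access it needs. Share and group names below are placeholders.
# Revoke-SmbShareAccess -Name 'Finance' -AccountName 'Everyone' -Force
# Grant-SmbShareAccess  -Name 'Finance' -AccountName 'CORP\Finance-Users' -AccessRight Read -Force
```

Run it on each file server (or wrap the call in Invoke-Command against a list of servers) and review every hit against the business need for that share before changing anything.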

With enough "sticktuitiveness" an attacker can find missing/simple passwords on Windows servers, weak SQL Server configurations, IIS-based servers configured to share entire drives out via anonymous FTP, and much more. If physical access is possible (which is often the case in smaller businesses), attackers can reboot Windows servers and bring them up using a live CD containing Ophcrack or Elcomsoft System Recovery. They can then gain full access to all user accounts and passwords, including the Active Directory database file ntds.dit. The entire Windows environment is "0wned" and, yet again, odds are in the attacker's favor that no one will ever notice.

Be it an external hacker or malicious insider, it's likely that there are weaknesses on your Windows servers waiting to be exploited. Given enough time, they very well could be. Your mission is to seek out what's vulnerable and plug the holes before the bad guys beat you to the punch.
